Fill'er Up

Though gas stations are common targets for card-skimming attacks, at one Sierra Madre, Calif., station, law enforcement officials suspect the owner was behind the scheme.

The EVG gas station is suspected to have had skimming devices attached to its pump terminals, allowing a scammer to steal card data as it is swiped, according to a Jan. 4 article in the Pasadena Star-News.

Such devices typically store the data until it is retrieved at once by the scammer; modern versions transmit the data wirelessly.

About 230 people have been hit with debit card fraud associated with the EVG station, the article said. Losses so far have totalled about $62,000. Accounts, primarily of Sierra Madre residents, have been hit for amounts in the low hundreds of dollars to less than $4,000.

Customers of JPMorgan Chase & Co. and Bank of America Corp. have been hit by the scammers. Local, state and federal authorities are investigating the thefts, and they are seeking the gas station owner, identified as Evgeny Yakimenko. The gas station has been closed since Christmas weekend, which is when most of the fraudulent transactions occurred.

About nine other fraud incidents happened at a gas station a block away. The owner of that station, identified as Edgar Artenyan, sold Yakimenko the other gas station about a year ago. Authorities with the Los Angeles County Sheriff's Department referred to the crime as a potential "bust-out," wherein the owner sets up the station as a front, is aware of or supports the fraud, then cashes out gains before fleeing.

Goldman Standard

The recent placement offering to private investors for Facebook Inc. shares bears an uncanny resemblance to a Nigerian e-mail scammer's entreaty for money, The Wall Street Journal noted in a Jan. 5 post to its blog Deal Journal.

According to an e-mail reviewed by the Journal, potential investors were solicited with e-mails from Goldman Sachs, the investment bank in charge of the offering, which is expected to raise $450 million for Facebook. The header read simply, "Private Investment."

The e-mail speaks of a highly confidential and time-sensitive investment an unnamed private company is seeking to raise private capital. "For confidentiality reasons, I am unable to tell you the name of the company unless you agree not to use such information other than in connection with your evaluation of the investment opportunity and to keep all information that we reveal to you strictly confidential," the e-mail to investors read.

By way of comparison, the story ran the text of a recent scam pitch. It reads:

"First, I must solicit your strictest confidence in this transaction. This is by virtue of its nature as being utterly confidential and 'top secret.' I am sure and have confidence of your ability and reliability to prosecute a transaction of this great magnitude involving a pending transaction requiring maximum confidence."

Pass the Spam

Spam volumes are shrinking because of the closing of an outfit called Spamit and its spam botnet Rustock, the world's most active spam script, but the perpetrators behind it may be turning their attention to even more malicious pursuits.

According to a Jan. 11 post on the security blog Krebsonsecurity.com, the botnet sent out spam e-mail for Canadian pharmacy medications, among other things.

While that may be good news for hapless e-mail recipients who will see bogus e-mails diminish in their in-boxes, the same defunct outfit is now shifting its focus to creating adware, malware, spyware and other money-making ventures through hacking.

Phil Hay, senior threat analyst with M86 Security Inc., said he noticed Rustock performing what he called pay-per-click ad fraud, installing malware on computers in exchange for payment.

The Fraud Guy

The risk consultancy Kroll Inc. in New York has hired Keith Kelly, the former supervising agent of the Federal Bureau of Investigation's Bernard L. Madoff Fraud Task Force.

Kelly has joined as a managing director in the global investigations unit. He will specialize in complex financial investigations, Kroll said in a Jan. 10 press release.

"Increasingly, fraud crosses borders and is enabled by new technology. Keith's extensive background in multinational financial and criminal investigations will augment Kroll's global capabilities and be a tremendous asset to our clients," Robert Brenner, vice president of business intelligence and investigations in the Americas for Kroll, said in the release.

Kroll's global investigations unit has investigated bank failures and financial fraud globally.

Jackpot

Banks aren't the only place where the money is — two men are accused of turning their hacking skills on casino games.

Much like some automated teller machines can be reprogrammed into dispensing larger-denomination bills than the user requested, a video poker machine had a feature that allowed users to get extra money after winning a jackpot for a smaller amount, Wired.com's "Threat Level" blog reported Jan. 6.

John Kane of Las Vegas and Andre Nestor of Pennsylvania face federal conspiracy charges for allegedly scamming casinos using this trick.

The pair are accused of getting over $400,000 in jackpot payouts through this tactic on the Draw Poker machine built by International Game Technology in Reno, Nev.

The exploit could be used only if the machine's "Double Up" option had been switched on; in many cases, the suspects are said to have encouraged casino staff to switch on this feature before they played.

With that option activated, a certain button sequence could be keyed in to trigger a high jackpot after a winning hand appeared.

Upon his arrest, Nestor said that he did not consider this tactic to be illegal — it simply shifted the odds of the game in his favor.

"It's just like if someone taught you how to count cards, which we all know is not illegal," Nestor said in a television interview, according to comments quoted in the article by Wired.com. "Someone told me that there are machines that had programming that gave a player an advantage over the house. And that's all there is to it."